CVE-2019-5108
First published: Wed Dec 11 2019(Updated: )
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Credit: talos-cna@cisco.com talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1127.19.1.rt56.1116.el7 | 0:3.10.0-1127.19.1.rt56.1116.el7 |
| redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
| redhat/kernel-alt | <0:4.14.0-115.19.1.el7a | 0:4.14.0-115.19.1.el7a |
| redhat/kernel-rt | <0:4.18.0-193.rt13.51.el8 | 0:4.18.0-193.rt13.51.el8 |
| redhat/kernel | <0:4.18.0-193.el8 | 0:4.18.0-193.el8 |
| ubuntu/linux | <4.15.0-88.88 | 4.15.0-88.88 |
| ubuntu/linux | <5.3 | 5.3 |
| ubuntu/linux | <4.4.0-174.204 | 4.4.0-174.204 |
| ubuntu/linux-aws | <4.15.0-1060.62 | 4.15.0-1060.62 |
| ubuntu/linux-aws | <4.4.0-1062.66 | 4.4.0-1062.66 |
| ubuntu/linux-aws | <5.3 | 5.3 |
| ubuntu/linux-aws | <4.4.0-1102.113 | 4.4.0-1102.113 |
| ubuntu/linux-aws-5.0 | <5.0.0-1025.28 | 5.0.0-1025.28 |
| ubuntu/linux-aws-5.0 | <5.3 | 5.3 |
| ubuntu/linux-aws-hwe | <5.3 | 5.3 |
| ubuntu/linux-aws-hwe | <4.15.0-1060.62~16.04.1 | 4.15.0-1060.62~16.04.1 |
| ubuntu/linux-azure | <5.0.0-1032.34 | 5.0.0-1032.34 |
| ubuntu/linux-azure | <4.15.0-1071.76~14.04.1 | 4.15.0-1071.76~14.04.1 |
| ubuntu/linux-azure | <5.3 | 5.3 |
| ubuntu/linux-azure | <4.15.0-1071.76 | 4.15.0-1071.76 |
| ubuntu/linux-azure-5.3 | <5.3 | 5.3 |
| ubuntu/linux-azure-edge | <5.3 | 5.3 |
| ubuntu/linux-gcp | <5.0.0-1031.32 | 5.0.0-1031.32 |
| ubuntu/linux-gcp | <5.3 | 5.3 |
| ubuntu/linux-gcp | <4.15.0-1055.59 | 4.15.0-1055.59 |
| ubuntu/linux-gcp-5.3 | <5.3 | 5.3 |
| ubuntu/linux-gcp-edge | <5.3 | 5.3 |
| ubuntu/linux-gke-4.15 | <4.15.0-1052.55 | 4.15.0-1052.55 |
| ubuntu/linux-gke-4.15 | <5.3 | 5.3 |
| ubuntu/linux-gke-5.0 | <5.0.0-1030.31 | 5.0.0-1030.31 |
| ubuntu/linux-gke-5.0 | <5.3 | 5.3 |
| ubuntu/linux-gke-5.3 | <5.3 | 5.3 |
| ubuntu/linux-hwe | <5.3.0-26.28~18.04.1 | 5.3.0-26.28~18.04.1 |
| ubuntu/linux-hwe | <5.3 | 5.3 |
| ubuntu/linux-hwe | <4.15.0-88.88~16.04.1 | 4.15.0-88.88~16.04.1 |
| ubuntu/linux-hwe-edge | <5.3 | 5.3 |
| ubuntu/linux-kvm | <4.15.0-1053.53 | 4.15.0-1053.53 |
| ubuntu/linux-kvm | <5.3 | 5.3 |
| ubuntu/linux-kvm | <4.4.0-1066.73 | 4.4.0-1066.73 |
| ubuntu/linux-lts-trusty | <5.3 | 5.3 |
| ubuntu/linux-lts-xenial | <4.4.0-174.204~14.04.1 | 4.4.0-174.204~14.04.1 |
| ubuntu/linux-lts-xenial | <5.3 | 5.3 |
| ubuntu/linux-oem | <4.15.0-1073.83 | 4.15.0-1073.83 |
| ubuntu/linux-oem | <4.15.0-1073.83 | 4.15.0-1073.83 |
| ubuntu/linux-oem | <5.3 | 5.3 |
| ubuntu/linux-oem-5.6 | <5.3 | 5.3 |
| ubuntu/linux-oem-osp1 | <5.0.0-1039.44 | 5.0.0-1039.44 |
| ubuntu/linux-oem-osp1 | <5.0.0-1039.44 | 5.0.0-1039.44 |
| ubuntu/linux-oem-osp1 | <5.3 | 5.3 |
| ubuntu/linux-oracle | <4.15.0-1033.36 | 4.15.0-1033.36 |
| ubuntu/linux-oracle | <5.3 | 5.3 |
| ubuntu/linux-oracle | <4.15.0-1033.36~16.04.1 | 4.15.0-1033.36~16.04.1 |
| ubuntu/linux-oracle-5.0 | <5.0.0-1011.16 | 5.0.0-1011.16 |
| ubuntu/linux-oracle-5.0 | <5.3 | 5.3 |
| ubuntu/linux-oracle-5.3 | <5.3 | 5.3 |
| ubuntu/linux-raspi2 | <4.15.0-1055.59 | 4.15.0-1055.59 |
| ubuntu/linux-raspi2 | <5.3 | 5.3 |
| ubuntu/linux-raspi2 | <4.4.0-1129.138 | 4.4.0-1129.138 |
| ubuntu/linux-raspi2-5.3 | <5.3 | 5.3 |
| ubuntu/linux-snapdragon | <4.15.0-1072.79 | 4.15.0-1072.79 |
| ubuntu/linux-snapdragon | <5.3 | 5.3 |
| ubuntu/linux-snapdragon | <4.4.0-1133.141 | 4.4.0-1133.141 |
| Linux Linux kernel | <5.3 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| Netapp Data Availability Services | ||
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.1 | |
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| All of | ||
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| All of | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| All of | ||
| Netapp 8300 Firmware | ||
| Netapp 8300 | ||
| All of | ||
| Netapp 8700 Firmware | ||
| Netapp 8700 | ||
| All of | ||
| Netapp A400 Firmware | ||
| Netapp A400 | ||
| Oracle SD-WAN Edge | =8.2 | |
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| Netapp 8300 Firmware | ||
| Netapp 8300 | ||
| Netapp 8700 Firmware | ||
| Netapp 8700 | ||
| Netapp A400 Firmware | ||
| Netapp A400 | ||
| debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
Remedy
At this time there is no known mitigations to this issue other than to install the updated kernel package.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-5108 https://nvd.nist.gov/vuln/detail/CVE-2019-5108
- https://bugzilla.redhat.com/show_bug.cgi?id=1789927
- https://access.redhat.com/errata/RHBA-2020:3527
- https://access.redhat.com/errata/RHSA-2020:1016
- https://access.redhat.com/errata/RHSA-2020:1493
- https://access.redhat.com/errata/RHSA-2020:1567
- https://access.redhat.com/errata/RHSA-2020:1769
- https://access.redhat.com/security/cve/cve-2019-5108
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://security.netapp.com/advisory/ntap-20200204-0002/
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
- https://usn.ubuntu.com/4285-1/
- https://usn.ubuntu.com/4286-1/
- https://usn.ubuntu.com/4286-2/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://www.debian.org/security/2020/dsa-4698
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://launchpad.net/bugs/cve/CVE-2019-5108
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e493173b7841259a08c5c8e5cbe90adb349da7e
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789928
- https://security-tracker.debian.org/tracker/CVE-2019-5108
- https://ubuntu.com/security/notices/USN-4285-1
- https://ubuntu.com/security/notices/USN-4286-1
- https://ubuntu.com/security/notices/USN-4287-1
- https://ubuntu.com/security/notices/USN-4286-2
- https://ubuntu.com/security/notices/USN-4287-2
- https://www.cve.org/CVERecord?id=CVE-2019-5108
- https://nvd.nist.gov/vuln/detail/CVE-2019-5108
- https://git.kernel.org/linus/4fd6931ebe24640bec72b91ba612325843a5e3cc
- https://ubuntu.com/security/CVE-2019-5108
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-5108
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/ubuntu
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp data availability services
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.70.1
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp a700s firmware
- canonical/netapp a700s
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp 8300 firmware
- canonical/netapp 8300
- canonical/netapp 8700 firmware
- canonical/netapp 8700
- canonical/netapp a400 firmware
- canonical/netapp a400
- vendor/oracle
- canonical/oracle sd-wan edge
- version/oracle sd-wan edge/8.2